AMENDMENT AND RESPONSE UNDER 37 CFR § 1.111 Page 6 

Serial Number: 10/815,539 Dkt: 884.B76US1 

Filing Date: March 31, 2004 

Title: PROGRAMMABLE CONTEXT AWARE FIREWALL WITH INTEGRATED INTRUSION DETECTION SYSTEM



REMARKS 

This responds to the Office Action mailed on September 4, 2007.
Claims 1, 7, 9, 15 and 18 are amended, no claims are canceled, or added; as a result, 
claims 1-25 remain pending in this application. 

Claim Objections 

Claim 15 was objected to because of informalities. In particular, claim 15 was objected 
to because of insufficient antecedent basis for "The system of claim 8" recited in the first line of 
the claim. Claim 15 has been amended to provide correct claim dependency. Applicant 
respectfully submits that the amendment overcomes the objection. Applicant respectfully 
requests removal of the objection to claim 15. 

§ 101 Rejection of the Claims
Claims 18-25 were rejected under 35 U.S.C. § 101 as being directed to non-statutory 
subject matter. In particular, the Office Action stated that the term "medium" in the claims may 
include signal, and that as such, the claims may be drawn to a form of energy which is not a 
category of invention. For the purposes of this response, Applicant will assume that the 
Examiner is applying the Patent Subject Matter Eligibility Interim Guidelines (hereinafter 
"Guidelines") in the rejection of claims 18-25. According to the Guidelines, the USPTO 
considers claims to signals per se, whether functional descriptive material or nonfunctional 
descriptive material, to be nonstatutory subject matter. Applicant agrees with the 
counterargument presented in Annex IV, which states: 

"On the other hand, from a technological standpoint, a signal encoded 
with functional description material is similar to a computer-readable 
medium encoded with functional descriptive material, in that they both 
create a functional relationship with a computer. In other words, the 
computer is able to execute the encoded functions, regardless of whether 
the format is a disk or a signal." (see Guidelines at page 57) 



However, in order to expedite prosecution, Applicant has amended claim 18 to recite a tangible
machine readable medium for storing machine executable instructions. Claim 18 has been
amended to clarify that the computer-readable medium is a tangible medium, thereby excluding
signals. Applicant reserves the right to reintroduce the claims directed to and including signals 
in a continuing application. 



§ 103 Rejection of the Claims 

Claims 1, 4-9, 12-18, and 21-25 were rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Coss et al. (U.S. 6,154,775, hereinafter "Coss") and further in view of Randy 
H. Katz's, Contemporary Logic Design (hereinafter "Katz"). As discussed in KSR International 
Co. v. Teleflex Inc. et al. (U.S. 2007), the determination of obviousness under 35 U.S.C. § 103 is 
a legal conclusion based on factual evidence. See Princeton Biochemicals, Inc. v. Beckman 
Coulter, Inc., 7, 1336-37 (Fed. Cir. 2005). The legal conclusion, that a claim is obvious within § 
103(a), depends on at least four underlying factual issues set forth in Graham v. John Deere Co. 
of Kansas City, 383 U.S. 1, 17 (1966): (1) the scope and content of the prior art; (2) differences 
between the prior art and the claims at issue; (3) the level of ordinary skill in the pertinent art; 
and (4) evaluation of any relevant secondary considerations. 

The Examiner has the burden under 35 U.S.C. § 103 to establish a prima facie case of 
obviousness. In re Fine, 837 F.2d 1071, 1074 (Fed. Cir. 1988). To establish a prima facie case 
of obviousness, three basic criteria should be met. First, there must be some suggestion or 
motivation, either in the references themselves or in the knowledge generally available to one of 
ordinary skill in the art, to modify the reference or to combine reference teachings. Second, 
there must be a reasonable expectation of success. Finally, the prior art reference (or references 
when combined) must teach or suggest all the claim limitations. M.P.E.P. § 2142 (citing In re 
Vaeck, 947 F.2d, 488, 20 USPQ2d 1438 (Fed. Cir. 1991)). 

Furthermore, the Court in KSR reaffirmed that "[a] factfinder should be aware, of course, 
of the distortion caused by hindsight bias and must be cautious of argument reliant upon ex post 
reasoning." KSR Int'l Co. v. Teleflex Inc., 127 S. Ct. 1727, 82 USPQ2d at 1397. See also 
Graham v. John Deere Co., 383 U.S. at 36, 148 USPQ at 474. 

Applicant respectfully traverses the rejection because the claims contain elements not 
taught or suggested by the Coss or Katz references. For example, claim 1 recites storing a set of
filters in a database. Claims 9 and 18 recite similar language. The Office Action asserts that
Coss teaches storing filters in a database at column 4, lines 5-6. Applicant respectfully disagrees
with this interpretation of Coss. The cited section of Coss merely states that rules may be stored
in a tabular form. Rules are distinct from filters, and Coss does not teach or suggest storing 
filters in a database. Applicant has reviewed the portion of Katz provided with the Office Action 
and can find no teaching or suggestion of storing a set of packet filters in a database. 

Further, claim 1 as amended recites that an action in a protocol state rule includes 
"instantiation of a filter for the network flow from the set of filters." Claims 9 and 18 recite 
similar language. The Office Action states that Coss, at column 4, line 48, discloses instantiation 
of a filter. Applicant respectfully disagrees with this interpretation of Coss. The cited section of 
Coss merely states that the action may include passing, dropping, or proxying a packet, it does 
not teach or suggest selecting a filter stored in a database of filters and instantiating the filter in 
response to a rule match. Applicant has reviewed the portion of Katz provided with the Office 
Action and can find no teaching or suggestion of selecting a filter stored in a database of filters 
and instantiating the filter in response to a rule match. 

For the reasons above, neither Coss nor Katz teach or suggest each and every element of 
claims 1, 9 or 18. Therefore claims 1, 9 and 18 are not obvious in view of the combination of 
Coss and Katz. Applicant respectfully requests reconsideration and the withdrawal of the 
rejection of claims 1, 9 and 18. 

Claims 4-8 depend from claim 1, claims 12-17 depend from claim 9 and claims 21-25 
depend from claim 18. These dependent claims are therefore patentable over Coss and Katz for 
the reasons argued above, and are also patentable in view of the additional elements which they 
provide to the patentable combination. If an independent claim is nonobvious under 35 U.S.C. § 
103, then any claim depending therefrom is also nonobvious. MPEP § 2143.03. 

Further, claims 6, 14 and 23 recite that "the at least one action comprises saving the result 
of the at least one action for use in a later executed rule in the set of parsed protocol state rules." 
The Office action states that Coss, at column 5, lines 40-52 teaches the recited language. 
Applicant respectfully disagrees with this interpretation of Coss. The cited section of Coss states 
that the system may "cache the results of rule processing." Applicant notes that Coss does not 
teach saving the results of an individual rule for later use by other individual rules, rather Coss
appears to teach caching the results of a set of rules applied to a packet. Further, the caching is not
used as input to later executed rules; rather the caching of a result is used to bypass rules 
processing for later similar packets. Further, Applicant has reviewed the portion of Katz 
provided with the Office Action and can find no teaching or suggestion of saving the result of the 
at least one action for use in a later executed rule. Thus neither Coss nor Katz teach or suggest 
each and every element of claims 6, 14 or 23. Therefore claims 6, 14 and 23 are not obvious in 
view of the combination of Coss and Katz. Applicant respectfully requests reconsideration and 
the withdrawal of the rejection of claims 6, 14 and 23. 

Additionally, claim 7 has been amended to recite "maintaining an expected state for the 
network flow utilizing the saved result." Applicant can find no teaching or suggestion of 
maintaining an expected state for a network flow using a saved result. Rather, Coss teaches that 
caching the results of rules processing may be used to bypass the rules at a later time for 
subsequent similar packets. Additionally, Applicant has reviewed the portion of Katz provided 
with the Office Action and can find no teaching or suggestion of maintaining a suggested state 
for a network flow. As a result, neither Coss nor Katz, alone or in combination, teach or suggest 
each and every element of claim 7. Applicant respectfully requests reconsideration and the 
withdrawal of the rejection of claim 7. 

Still further, claims 8, 16, 17, 24 and 25 recite that actions may be used to activate and 
deactivate rules. The Office Action states that Coss teaches activating a rule at column 8, lines 
13-15 and deactivating a rule at column 8, lines 36-38. While Coss may teach activating or 
deactivating a rule, Coss does not teach that a rule may be activated or deactivated as part of an 
action of another rule, thus providing the capability for the system to autonomously reconfigure 
itself in response to conditions observed in a network flow. Additionally, Applicant has 
reviewed the portion of Katz provided with the Office Action and can find no teaching or 
suggestion of activating or deactivating rules. As a result, neither Coss nor Katz, alone or in 
combination, teach or suggest each and every element of claims 8, 16, 17, 24 or 25. Applicant
respectfully requests reconsideration and the withdrawal of the rejection of claims 8, 16, 17, 24
and 25. 




Claims 2-3, 10-11, and 19-20 were rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Coss et al. (U.S. 6,154,775) in view of Katz, and further in view of Stockwell 
et al. (U.S. 5,950,195). Claims 2-3 depend from claim 1, claims 10-11 depend from claim 9 and
claims 18-20 depend from claim 18. Thus claims 2-3, 10-11 and 18-20 inherit the elements of
their respective base claims, including elements related to storing a set of filters in a database, 
and instantiating a filter from the database as part of an action for a rule. As discussed above, 
these elements are not taught or suggested by Coss or Katz. Further, Applicant has reviewed 
Stockwell and can find no teaching or suggestion of storing a set of filters in a database or 
instantiating a filter from the database as part of an action for a rule. Thus none of Coss, Katz or 
Stockwell teaches each and every element of claims 2-3, 10-11 or 19-20, including elements 
inherited by these dependent claims. Thus claims 2-3, 10-11 and 19-20 are not obvious in view
of the combination of Coss, Katz and Stockwell. Applicant respectfully requests reconsideration
and the withdrawal of the rejection of claims 2-3, 10-11 and 19-20.

Reservation of Rights 
In the interest of clarity and brevity, Applicant may not have equally addressed every 
assertion made in the Office Action, however, this does not constitute any admission or 
acquiescence. Applicant reserves all rights not exercised in connection with this response, such 
as the right to challenge or rebut any tacit or explicit characterization of any reference or of any 
of the present claims, the right to challenge or rebut any asserted factual or legal basis of any of 
the rejections, the right to swear behind any cited reference such as provided under 37 C.F.R. § 
1.131 or otherwise, or the right to assert co-ownership of any cited reference. Applicant does not 
admit that any of the cited references or any other references of record are relevant to the present 
claims, or that they constitute prior art. 






CONCLUSION 

Applicant respectfully submits that the claims are in condition for allowance, and 
notification to that effect is earnestly requested. The Examiner is invited to telephone 
Applicant's attorney at (612) 373-6954 to facilitate prosecution of this application. 

If necessary, please charge any additional fees or credit overpayment to Deposit Account 
No. 19-0743. 



Respectfully submitted, 



SCHWEGMAN, LUNDBERG & WOESSNER, P.A. 
P.O. Box 2938 
Minneapolis, MN 55402 
(612) 373-6954 



Date January 4, 2008
Rodney L. Lacy
Reg. No. 41,136 






